We have a general mailbox that we use for one of our departments. Users log into their computer as themselves (John Smith), open Outlook 2003/2007/2010 and the General Mailbox opens.

All the users are part of a Security Group (General Mailbox Group) that we have assigned Full Access Permissions to use that mailbox. Everything worked great until yesterday around noon, when they could no longer send as that general mailbox. When they try to send, they receive back the following message.

You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

I have verified through EMC and Shell (Get-MailboxPermission -Identity "General Mailbox") that they have Full Access through the Security Group. I have even added them individually to see if that helps, and let it flush the permissions cache overnight, without success.

43 Replies

Try removing one individual, let it run through, then re-add, wait 2 hours and test. Also, I know you gave them full permissions, but in the management console there is also "Manage send as permissions". See if the users are listed in there as well and, if not, add them and wait 2 hours.

Ditto what Jay and Nick said about Send As permissions - did this work without them having Send As permissions? That's odd. It shouldn't have.

I've seen it both ways, mostly from server migrations where the permissions just seem to act funky. Some people with only full access can send fine as they did previously, while new ones need to be added to the send as in the management console, while others need both, full and send as.

Let's try this. Log onto your server hosting AD and open the Active Directory management console. Locate the account you are trying to add these users to, right-click and choose Properties, then click the Security tab, then the Advanced button. If there is a check box in the inheritable permissions, uncheck it, click OK, Apply, and OK again, then try to run the command from the console.

Active Directory operation failed on dc.domain.com. This error is not retriable. Additional information:
Access is denied.............................

When looking at the General Mailbox User account under Security I have added the General Mailbox Group with FC. However, when I Manage Full Access Permissions from the EMC I do not see the group there.

I added the account about 30 minutes ago to the user in ADUC. I just restarted the Exchange IS just to flush the cache. Still the General Group does not show in the EMC GUI under the Full Access Permissions.

I just checked my domain admin account in AD for the Member Of tab; the only two that should make a difference when setting the permissions would be "Enterprise Admins" and "Exchange Domain Servers". Then under the Security tab the Enterprise Admins have full permissions.

I may have fixed it, but I'm not sure yet. I went back to the General Mailbox User Security tab under ADUC and checked the box to enable Permissions Inheritance. Waited about 5 minutes and reran those commands. They worked.

When I go to the EMC GUI they are there on one Exchange Server. However, they are not there on the other Exchange Server, so I'm going to give it time to replicate and see if they show up with time.

Even after everything replicated they weren't able to send. So I added them to the "Send on behalf", just to test and it worked.

They were able to Send As them... not just on Behalf. Just to make sure it wasn't a coincidence, I removed them from the behalf, closed their Outlook and opened it back up and had them try... FAILED. I then added them back to Behalf, closed Outlook and opened it back up... Success.

It doesn't make any sense though. They aren't actually sending on Behalf, they are Sending As.

The recipients of the email see the General User, not User1 on Behalf of.
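
The thread moves between three separate grants: Full Access, Send As, and Send on Behalf. The following is an added example, not code posted by anyone in the thread: an Exchange Management Shell (2007/2010) audit that lists all three for the mailbox and warns about trustees that hold Full Access without a matching Send As entry. The mailbox name comes from the thread; the variable names are illustrative.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2007/2010).
# 'General Mailbox' is the mailbox name used in the thread.
$mbx = Get-Mailbox -Identity 'General Mailbox' -ErrorAction Stop

# Full Access is a mailbox right: it lets a delegate open the mailbox.
$fullAccess = @(Get-MailboxPermission -Identity $mbx.DistinguishedName |
    Where-Object { ($_.AccessRights -like '*FullAccess*') -and -not $_.Deny -and
                   ($_.User -notlike 'NT AUTHORITY\*') })

# Send As is an extended right on the mailbox's Active Directory object.
$sendAs = @(Get-ADPermission -Identity $mbx.DistinguishedName |
    Where-Object { ($_.ExtendedRights -like '*Send-As*') -and -not $_.Deny -and
                   ($_.User -notlike 'NT AUTHORITY\*') })

# Send on Behalf is an attribute of the mailbox, not an ACL entry.
$onBehalf = @($mbx.GrantSendOnBehalfTo)

# One row per grant, with whether the ACL entry was inherited or set explicitly.
$report = @(
    $fullAccess | Select-Object @{n='Right';e={'FullAccess'}},
                                @{n='Trustee';e={"$($_.User)"}}, IsInherited
    $sendAs     | Select-Object @{n='Right';e={'SendAs'}},
                                @{n='Trustee';e={"$($_.User)"}}, IsInherited
    $onBehalf   | Select-Object @{n='Right';e={'SendOnBehalf'}},
                                @{n='Trustee';e={"$_"}},
                                @{n='IsInherited';e={'n/a'}}
)
$report | Sort-Object Trustee, Right | Format-Table -AutoSize

# Trustees that can open the mailbox but have no Send As entry of their own.
# Comparison is by trustee name as listed; nested group membership is not resolved.
$sendAsTrustees = @($sendAs | ForEach-Object { "$($_.User)" })
$gap = @($fullAccess | Where-Object { $sendAsTrustees -notcontains "$($_.User)" })
foreach ($g in $gap) {
    Write-Warning "$($g.User) has FullAccess but no Send-As entry on $($mbx.Name)"
}
```

Running it on each Exchange server before and after a permission change shows which of the three grants actually changed and whether the entries have replicated.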